将Fluentd Docker镜像作为非root用户运行
这是一个stream利的Docker镜像: https : //github.com/fluent/fluentd-docker-image
以下是Dockerfile:
FROM fluent/fluentd:onbuild USER root # below RUN includes two plugins as examples # elasticsearch and record-reformer are not required # you may customize including plugins as you wish RUN apk add --update --virtual .build-deps \ sudo build-base ruby-dev \ && sudo -u fluent gem install \ fluent-plugin-elasticsearch \ fluent-plugin-record-reformer \ && sudo -u fluent gem sources --clear-all \ && apk del .build-deps \ && rm -rf /var/cache/apk/* \ /home/fluent/.gem/ruby/2.3.0/cache/*.gem USER fluent EXPOSE 24284 运行这个作为docker的形象
docker exec -it b3c565091160 /bin/sh cat /etc/passwd fluent:x:1000:1000::/home/fluent:
和
/home/fluent # ps -ef PID USER TIME COMMAND 1 root 0:00 {fluentd} /usr/bin/ruby /usr/bin/fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins 8 root 0:12 {fluentd} /usr/bin/ruby /usr/bin/fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins 22 root 0:00 /bin/sh 28 root 0:00 ps -ef /home/fluent # whoami root
如何才能stream利的用户运行这个Fluentd,特别是用户1000而不是ROOT?